You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "Uwe Eisele (Jira)" <ji...@apache.org> on 2021/06/22 21:19:00 UTC

[jira] [Commented] (KAFKA-12790) Fix SslTransportLayerTest.testUnsupportedTlsVersion with JDK 16

    [ https://issues.apache.org/jira/browse/KAFKA-12790?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17367686#comment-17367686 ] 

Uwe Eisele commented on KAFKA-12790:
------------------------------------

It looks like that the test also no longer runs on JDK 11. Basically its stated in https://bugs.openjdk.java.net/browse/JDK-8256490 which says that as of JDK 11.0.11 TLSv1.1 is disabled by default.

I executed the test in a Docker container with JDK 11.0.10 and JDK 11.0.11 (see https://github.com/ueisele/kafka/tree/fix/ssltransportlayertest/ci).

JDK 11.0.10
{code:java}
./ci/do_in_docker 11.0.10 ./gradlew clients:unitTest --tests SslTransportLayerTest.testUnsupportedTLSVersion --rerun-tasks
...
> Task :clients:unitTest
SslTransportLayerTest > [1] tlsProtocol=TLSv1.2, useInlinePem=false PASSED
SslTransportLayerTest > [2] tlsProtocol=TLSv1.2, useInlinePem=true PASSED
SslTransportLayerTest > [3] tlsProtocol=TLSv1.3, useInlinePem=false PASSED
{code}

JDK 11.0.11
{code:java}
./ci/do_in_docker 11.0.11 ./gradlew clients:unitTest --tests SslTransportLayerTest.testUnsupportedTLSVersion --rerun-tasks
...
> Task :clients:unitTest
org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[1] failed, log available in /home/appuser/kafka/clients/build/reports/testOutput/org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[1].test.stdout

SslTransportLayerTest > [1] tlsProtocol=TLSv1.2, useInlinePem=false FAILED
    org.opentest4j.AssertionFailedError: Condition not met within timeout 15000. Metric not updated failed-authentication-total expected:<1.0> but was:<0.0> ==> expected: <true> but was: <false>
        at org.junit.jupiter.api.AssertionUtils.fail(AssertionUtils.java:55)
        at org.junit.jupiter.api.AssertTrue.assertTrue(AssertTrue.java:40)
        at org.junit.jupiter.api.Assertions.assertTrue(Assertions.java:193)
        at org.apache.kafka.test.TestUtils.lambda$waitForCondition$3(TestUtils.java:303)
        at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:351)
        at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:319)
        at org.apache.kafka.test.TestUtils.waitForCondition(TestUtils.java:300)
        at org.apache.kafka.common.network.NioEchoServer.waitForMetrics(NioEchoServer.java:196)
        at org.apache.kafka.common.network.NioEchoServer.verifyAuthenticationMetrics(NioEchoServer.java:155)
        at org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(SslTransportLayerTest.java:644)
org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[2] failed, log available in /home/appuser/kafka/clients/build/reports/testOutput/org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[2].test.stdout

SslTransportLayerTest > [2] tlsProtocol=TLSv1.2, useInlinePem=true FAILED
    org.opentest4j.AssertionFailedError: Condition not met within timeout 15000. Metric not updated failed-authentication-total expected:<1.0> but was:<0.0> ==> expected: <true> but was: <false>
        at org.junit.jupiter.api.AssertionUtils.fail(AssertionUtils.java:55)
        at org.junit.jupiter.api.AssertTrue.assertTrue(AssertTrue.java:40)
        at org.junit.jupiter.api.Assertions.assertTrue(Assertions.java:193)
        at org.apache.kafka.test.TestUtils.lambda$waitForCondition$3(TestUtils.java:303)
        at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:351)
        at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:319)
        at org.apache.kafka.test.TestUtils.waitForCondition(TestUtils.java:300)
        at org.apache.kafka.common.network.NioEchoServer.waitForMetrics(NioEchoServer.java:196)
        at org.apache.kafka.common.network.NioEchoServer.verifyAuthenticationMetrics(NioEchoServer.java:155)
        at org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(SslTransportLayerTest.java:644)
org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[3] failed, log available in /home/appuser/kafka/clients/build/reports/testOutput/org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[3].test.stdout

SslTransportLayerTest > [3] tlsProtocol=TLSv1.3, useInlinePem=false FAILED
    org.opentest4j.AssertionFailedError: Condition not met within timeout 15000. Metric not updated failed-authentication-total expected:<1.0> but was:<0.0> ==> expected: <true> but was: <false>
        at org.junit.jupiter.api.AssertionUtils.fail(AssertionUtils.java:55)
        at org.junit.jupiter.api.AssertTrue.assertTrue(AssertTrue.java:40)
        at org.junit.jupiter.api.Assertions.assertTrue(Assertions.java:193)
        at org.apache.kafka.test.TestUtils.lambda$waitForCondition$3(TestUtils.java:303)
        at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:351)
        at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:319)
        at org.apache.kafka.test.TestUtils.waitForCondition(TestUtils.java:300)
        at org.apache.kafka.common.network.NioEchoServer.waitForMetrics(NioEchoServer.java:196)
        at org.apache.kafka.common.network.NioEchoServer.verifyAuthenticationMetrics(NioEchoServer.java:155)
        at org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(SslTransportLayerTest.java:644)

3 tests completed, 3 failed
{code}

To execute tests which require TLSv1.1 support with current JDKs, TLSv1.1 must be removed from the `jdk.tls.disabledAlgorithms` security property in the `java.security` configuration file.

I also tested this and in this case I could execute the test testUnsupportedTlsVersion with the newest version of JDK 11.

I now, this task is about JDK 16, but for me it looks like that also for JDK 16 the reason is that TLSv1.1 has been disabled by default.

> Fix SslTransportLayerTest.testUnsupportedTlsVersion with JDK 16
> ---------------------------------------------------------------
>
>                 Key: KAFKA-12790
>                 URL: https://issues.apache.org/jira/browse/KAFKA-12790
>             Project: Kafka
>          Issue Type: Sub-task
>            Reporter: Ismael Juma
>            Assignee: Rajini Sivaram
>            Priority: Major
>             Fix For: 3.0.0
>
>
> Details can be found in the PR:
> https://github.com/apache/kafka/pull/10415#issuecomment-808230478



--
This message was sent by Atlassian Jira
(v8.3.4#803005)